The Mirai Botnet, Tip of the IoT Iceberg


The Mirai botnet is malware designed to take control of the BusyBox-based systems commonly used in IoT devices. BusyBox is a lightweight single executable that provides many common Unix tools in resource-constrained POSIX environments, which makes it a natural fit for IoT devices. The DDoS attacks of October 21 appear to have been traced to IoT equipment made by XiongMai Technologies.

IoT devices have proliferated at a rapid pace, and anyone who can take control of them can wield significant power. That power was on full display on September 20, 2016, when the Mirai botnet launched a record DDoS attack, estimated at around 620 Gbps, that took the Krebs on Security website offline.

But this appears to be just the beginning of IoT-based attacks, as the source code for Mirai has been published online.

The IoT Security Challenge

The challenge with IoT devices is that not only are they often insecure by design, but they frequently lack any means of being patched or upgraded. Enterprises deploying IoT devices may take the time to change default credentials, place the devices in a segregated network zone, or otherwise harden them – but consumers are highly unlikely to implement any such measures.

Opening Pandora's Linux Box

With the Mirai source code published and no plan in place to patch or otherwise protect vulnerable IoT devices, it was inevitable that the code would be reused, whether for malicious purposes or simply out of curiosity.

The AlienVault Labs team analyzed the source code and developed signatures to detect Mirai activity.

With the data in Open Threat Exchange (OTX), the team was able to see a significant spike in Mirai activity after the source code went live, both in how often the signature fired and in the number of affected devices.
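The two measures the paragraph above describes, signature hits per day and the number of distinct affected devices, can be computed from ordinary IDS alert logs. The following is an added example, not AlienVault or OTX code; the alert line format and the sample alerts are constructed, and the Mirai signature name is an assumption.

```python
import re
from collections import defaultdict

# Constructed IDS alert lines in an assumed "timestamp sig= src= dst=" format
# (not real OTX data): a couple of hits a day before the source release,
# then a jump in both hits and distinct source devices afterwards.
SAMPLE_ALERTS = """\
2016-09-28T10:01:02Z sig=MIRAI_ACTIVITY src=203.0.113.10 dst=198.51.100.5
2016-09-28T17:40:11Z sig=MIRAI_ACTIVITY src=203.0.113.11 dst=198.51.100.5
2016-09-29T03:12:45Z sig=MIRAI_ACTIVITY src=203.0.113.10 dst=198.51.100.5
2016-09-29T21:05:00Z sig=MIRAI_ACTIVITY src=203.0.113.12 dst=198.51.100.5
2016-10-01T00:14:09Z sig=MIRAI_ACTIVITY src=192.0.2.20 dst=198.51.100.5
2016-10-01T00:14:10Z sig=MIRAI_ACTIVITY src=192.0.2.21 dst=198.51.100.5
2016-10-01T01:02:33Z sig=MIRAI_ACTIVITY src=192.0.2.22 dst=198.51.100.5
2016-10-01T01:02:34Z sig=MIRAI_ACTIVITY src=192.0.2.20 dst=198.51.100.5
2016-10-01T05:55:01Z sig=MIRAI_ACTIVITY src=192.0.2.23 dst=198.51.100.5
2016-10-01T06:30:00Z sig=MIRAI_ACTIVITY src=192.0.2.24 dst=198.51.100.5
2016-10-01T07:00:00Z sig=MIRAI_ACTIVITY src=192.0.2.21 dst=198.51.100.5
2016-10-01T07:01:00Z sig=SSH_BRUTE src=192.0.2.30 dst=198.51.100.5
garbage line that does not match the format
"""

LINE_RE = re.compile(r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ sig=(?P<sig>\S+) src=(?P<src>\S+) dst=\S+$")


def aggregate(lines, signature="MIRAI_ACTIVITY"):
    """Per day: (hits for `signature`, distinct source devices). Other signatures
    and unparseable lines are skipped rather than counted."""
    hits, sources = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("sig") != signature:
            continue
        hits[m.group("day")] += 1
        sources[m.group("day")].add(m.group("src"))
    return {day: (hits[day], len(sources[day])) for day in sorted(hits)}


def spike_days(daily, baseline_days, factor=3.0):
    """Days outside the baseline whose hit count exceeds factor x the baseline mean."""
    base = [daily[d][0] for d in baseline_days if d in daily]
    if not base:
        return []
    mean = sum(base) / len(base)
    return [d for d, (n, _) in daily.items() if d not in baseline_days and n > factor * mean]


if __name__ == "__main__":
    daily = aggregate(SAMPLE_ALERTS.splitlines())
    for day, (n, devices) in daily.items():
        print(f"{day}: {n} hits from {devices} devices")
    print("spike days:", spike_days(daily, ["2016-09-28", "2016-09-29"]))
```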

Figure: Detecting Mirai activity with OTX

IoT device security has been discussed, even joked about, for some time. IoT manufacturers have overwhelmingly chosen convenience and neglected to heed the security warnings.

The Mirai botnet has given us the first real glimpse into the power of an IoT botnet and the damage that can be done.

With no patching feasible for most devices, there is no easy fix in sight. IoT device manufacturers will need to build fundamental security principles into their designs, such as avoiding the use of default credentials.

Until IoT devices offer secure options, they will continue to feature prominently in cyber security attacks.

It’s free to join OTX, and the platform offers an API to integrate Indicators of Compromise (IoCs) into other security controls. AlienVault Unified Security Management™ includes this integration and alerts you when IoCs from OTX are detected in your environment.

About AT&T CyberSecurity
AT&T Cybersecurity’s edge-to-edge technologies provide phenomenal threat intelligence, collaborative defense, security without the seams, and solutions that fit your business. Our unique, collaborative approach integrates best-of-breed technologies with unrivaled network visibility and actionable threat intelligence from AT&T Alien Labs researchers, Security Operations Center analysts, and machine learning – helping to enable our customers around the globe to anticipate and act on threats to protect their business.